chaospatterns
@chaospatterns@lemmy.world
- Comment on Self-hosted blog - do I need a static IP address? 3 hours ago:
- Comment on Itch.io has begun restoring NSFW content, but only if it’s free 3 days ago:
The problem is the payment processor. There’s only so many of them that customers actually choose to use.
- Comment on Mastercard release a statement about game stores, payment processors and adult content 4 days ago:
buy a stock through a company like Fidelity where is the stock actually held and that was layers of public/private companies/corporations
- Comment on OpenAI’s Sam Altman warns of AI voice fraud crisis in banking 1 week ago:
How about some Yubikeys or smart cards instead of something that requires me to scan my retina and share it with Sam Altman
- Comment on I'm setting up a Windows 11 laptop for my uncle. Is there a sneaky way to make it block right-wing bullshit websites? 2 weeks ago:
If you alter it to 0.0.0.0 then it shouldn’t pop an SSL error, it would be a connection failed error.
- Comment on Just created my own zero trust network! 2 weeks ago:
Right. Zero trust means at the very least you need to add AuthN and AuthZ to every endpoint with no exceptions for internal IP addresses.
- Comment on Photo management - storing friends' photos 3 weeks ago:
Encryption at rest just means the data itself is encrypted when stored on disk and the key is somewhere. It doesn’t dictate that the key is not visible to the server.
Encryption in transit refers to an encrypted channel from client to server.
E2E encryption usually refers to encryption from one entity to another where any intermediary servers do not have the ability to decrypt
Source: too many years doing application security at my job
- Comment on Homemade polarimetric synthetic aperture radar drone 4 weeks ago:
After I read this, I thought it would be really cool to try to make this myself. But then I realized I’m barely able to get a simple circuit working much less one that involves complex RF signalling.
- Submitted 4 weeks ago to electronics@discuss.tchncs.de | 2 comments
- Comment on Automatic Transfer Switch PDU in The Homelab - Does it make sense? 4 weeks ago:
The point seems to be able to handle a UPS failure
- Comment on Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi 5 weeks ago:
WiFi is on all three bands. It’s not so much what’s newer vs older. Newer devices tend to support 2.4, 5, and 6 and switch between them based on quality of signal and support by the WiFi network. Higher frequencies like 5 and 6GHz are generally better because there’s less interference.
Cheaper devices tend to only support 2.4GHz
- Comment on Meta is Adding AI-Powered Summaries to WhatsApp 5 weeks ago:
Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.
Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don’t really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.
- Submitted 1 month ago to technology@lemmy.world | 0 comments
- Comment on Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. 2 months ago:
Google is doing this because they have incentives to do so. They want to block malicious actors like attack their platforms.
Other companies want to lock down their own apps because they don’t think users should be permitted to do anything other than use their apps exactly as they want.
I don’t like it as a user, but I also see the reason why companies want this by being on the security side of software.
- Comment on Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. 2 months ago:
This is the future of the Big Tech Internet if we’re not careful. Attestation to be able to use communications and other websites.
- Comment on 2 months ago:
I used to work in Amazon (left after 10 years because it wore me down), but it wasn’t that compartmentalized.
I’m sure there were some teams that were like that but I could easily find another team, open a ticket, get a response and see their on calls investigate the issue. It was often times possible to look at their service metrics and source code to see if I could find the problem myself.
Support just can’t share that info because they don’t know what is considered a trade secret or internal detail vs what is public.
- Comment on Why Balcony Solar Panels Haven’t Taken Off in the US 2 months ago:
No, it’s electrical code. Standard outlets can’t be used to supply power because it means you have a plug that has exposed wires commonly called suicide wires. While these balconey top solar likely use grid following so it has to detect a grid voltage, the electrical code doesn’t consider it AFAIK.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 2 months ago:
Different Operating Systems call it different things. Windows calls it Alternate. Even if it was only used when the primary was down, DNS doesn’t provide any sort of guidance or standard on when to switch between primary and secondary. Is one query timeout enough to switch? How often do you reattempt to the first DNS server? When do you switch back?
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 2 months ago:
And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you’re letting ads through randomly.
- Comment on That's all folks, Plex is starting to charge for sharing 2 months ago:
Its not difficult for technical people like you or me, but my friend who just wants to watch their favorite show on my Plex on their TV won’t know how to traffic engineer the traffic over a Tailscale network to my network.
- Comment on That's all folks, Plex is starting to charge for sharing 2 months ago:
With Plex, you’re getting the easy ability to grant access to users. You get a single pane that can search across multiple Plex instances, and NAT traversal/port forwarding. Jellyfin makes you figure that out yourself.
- Comment on Hundreds of smartphone apps are monitoring users through their microphones 3 months ago:
Past vulnerabilities doesn’t mean there is active mpdern vulnerabilities especially ones in widely tested operating systems that’s exploited by as many apps as people claim are listening when security researchers also regularly reverse engineer and analyze the source code of popular apps to figure out what they’re doing.
Its one thing to claim there’s some a system level bypass for the icon that the NSA uses to spy on its enemies, it’s another thing to claim that it’s being exploited on a wide scale by a tech company.
- Comment on Blue Shield of California shared the private health data of millions with Google for years 3 months ago:
Here’s a good reason why you should run an ad blocker. Block the Google Analytics script from loading entirely.
- Comment on Blue Shield of California shared the private health data of millions with Google for years 3 months ago:
Google Analytics gives you insights on what pages people visit, how long they spend, what kind of browsers and devices they use. That can give them data on what pages are important to customers and what screen sizes to support
I’d rather they self host this data vs use Google Analytics, but there are benefits.
- Comment on [deleted] 3 months ago:
The started charging money for Docker Desktop for companies and they have been adding pull limits on Docker Hub.
- Comment on Cozy video games can quell stress and anxiety 3 months ago:
Personally, I’ve been enjoying cozy games like Dorfromantik, Rail Route, or even Transport Fever 2 (I just play with unlimited money and build great transit networks that I wish existed in my home country.)
- Submitted 3 months ago to games@lemmy.world | 29 comments
- Comment on Framework Laptop 12 is now available for pre-order for €569 and up (but not in the US) 3 months ago:
The laptops are manufactured in Taiwan. There’s so much unpredictability in the tariffs so they’re delaying until it settles down. Tariffs are going to impact US companies and US residents.
- Comment on New Jellyfin Server/Web release: 10.10.7 3 months ago:
Oh that would be nice. I would use that to just go into the database and fix all my broken music metadata which I can’t see to fix any other way.
- Comment on Encrypting data on local servers? 4 months ago: